Forum Discussion
How to disable defender and tamper protection temporarily
Hi,
I usually disable defender when i do some certain task. However this option went away few months ago. Now i cannot cannot pause defender because it is managed by tamper protection. I cannot disable tamper protection because it is managed by administrator.
I am the administrator. I have MS 365 Business Premium account and i am global admin there. I cannot modify registry entry, i cannot change permission in registry entry for defender (Access Denied). Using powershell in admin mode says "Access Denied" or something like that.
When i go to intune.microsoft.com / endpoin security, i see on devices and nothing related to my computer.
So, how do i can pause defender? Thank you.
5 Replies
iirokaksonen You can create a policy just for your device from Intune (then excluding your device from the one that activates the feature)
Using Microsoft Intune to Disable Tamper Protection:
-Go to Microsoft Endpoint Manager Admin Center.
-Navigate to Endpoint Security > Endpoint Detection and Response.
-Look for Tamper Protection, and set it to Disabled.After making this change, sync the policy with your device:
Go to Devices in Intune, find your device, and click on Sync.
- thank you!
When I go to endpoint security, i see no devices there 😮You mentioned you have a Business Premium license which probably means you're using Defender for Business. Not sure if this works in Defender for Business but there is a troubleshooting mode where you can disable tamper protection locally on one device for four hours.
https://learn.microsoft.com/en-us/defender-endpoint/enable-troubleshooting-mode#enable-troubleshooting-mode
Two more articles that apply to your situation and how to disable tamper protection
- Disable globally - NOT recommended
- https://learn.microsoft.com/en-us/defender-endpoint/manage-tamper-protection-microsoft-365-defender
- Disable via Intune
- https://learn.microsoft.com/en-us/defender-endpoint/manage-tamper-protection-intune
The bigger question is, why exactly do you want to disable tamper protection?
- Disable globally - NOT recommended
- How are you managing the Defender policies including tamper protection? You have the option to make changes in the policy provider to disable tamper protection or use troubleshooting mode from the Defender portal to temporarily put Defender in passive mode.
rahuljindalthank you for the reply.
TBH i dont know where i manage those settings? Could you give some hint. Thank you!
